Cilium 1.10: eBPF Networking and Security Advances

Introduction

Cilium 1.10 — eBPF Networking and Security Advances — was released on May 25, 2021.

Policy usually becomes urgent the first time you need to stop a risky manifest from shipping — or when you’re trying to make standards repeatable across teams.

In this release: Cilium 1.10 enhances eBPF-based networking with improved performance, advanced security policies, and expanded Hubble observability capabilities.


eBPF Performance Enhancements

  • Direct routing improvements reduce latency and CPU overhead for pod-to-pod communication.
  • Service mesh acceleration enables high-performance service-to-service communication without sidecar proxies.
  • Network policy enforcement optimizations reduce per-packet processing overhead, improving throughput.
  • Connection tracking enhancements improve scalability for high-connection-count workloads.

Security & Policy Improvements

  1. Network policy refinements provide more expressive rules with CIDR, FQDN, and service account matching.
  2. L7 policy enforcement extends beyond HTTP to support gRPC, Kafka, and DNS protocols with deep packet inspection.
  3. Encryption improvements enhance WireGuard integration with automatic key rotation and multi-cluster support.
  4. Identity-based policies leverage Kubernetes service accounts and labels for zero-trust networking.
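The rule types listed above can be combined in a single CiliumNetworkPolicy. This is an added example, not taken from the release notes or the Cilium project; the namespace, labels, service account name and FQDN are hypothetical.

```yaml
# Added example: namespace "shop", the labels, the "frontend" service
# account and payments.example.com are all hypothetical.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: orders-api-least-privilege
  namespace: shop
spec:
  # Selecting the endpoint puts it in default-deny for every direction
  # that has a rule below (ingress and egress here).
  endpointSelector:
    matchLabels:
      app: orders-api
  ingress:
    # Identity-based: only pods running as the "frontend" service account.
    - fromEndpoints:
        - matchLabels:
            io.cilium.k8s.policy.serviceaccount: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          # L7: only these two request shapes are allowed on the port.
          rules:
            http:
              - method: GET
                path: "/orders/[0-9]+"
              - method: POST
                path: "/orders"
  egress:
    # DNS to kube-dns with an L7 DNS rule, so the DNS proxy observes the
    # lookup; the toFQDNs rule below depends on that observation.
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s:k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchName: "payments.example.com"
    # FQDN-based: HTTPS only to addresses resolved for this one name.
    - toFQDNs:
        - matchName: "payments.example.com"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

Because the DNS rule names a single host, every other lookup from the selected pods is refused, including cluster-internal names; widen it with `matchPattern` if the workload needs more.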

Hubble Observability Expansion

  • Service maps visualization provides real-time topology views of service-to-service communication with policy overlay.
  • Flow logs export to external systems (e.g., Splunk, ELK) for long-term storage and analysis.
  • Metrics integration with Prometheus exposes detailed network and security metrics for dashboards and alerts.
  • Tracing support enables correlation of network flows with application traces for end-to-end observability.

Multi-Cluster & Service Mesh

  • Cluster mesh improvements simplify multi-cluster connectivity with automatic service discovery and failover.
  • Global services enable transparent access to services across clusters with DNS integration.
  • Service mesh capabilities provide Istio-compatible APIs for gradual migration from sidecar-based meshes.
  • Gateway API support enables modern ingress and egress configuration with Cilium’s eBPF data plane.

Operational Enhancements

  • Helm chart improvements simplify installation and upgrades with better default values and validation.
  • Operator enhancements provide automated lifecycle management with health checks and rollback capabilities.
  • Diagnostics tools improve troubleshooting with detailed status reporting and connectivity testing.
  • Documentation expansion includes comprehensive guides for common deployment scenarios and best practices.

Getting Started

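helm repo add cilium https://helm.cilium.io/
# hubble.ui.enabled deploys the hubble-ui service used by the port-forward below
helm install cilium cilium/cilium --version 1.10.0 \
  --namespace kube-system \
  --set hubble.enabled=true \
  --set hubble.relay.enabled=true \
  --set hubble.ui.enabled=true

Access the Hubble UI at http://localhost:12000 while the port-forward runs:

kubectl port-forward -n kube-system svc/hubble-ui 12000:80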

Summary

| Aspect | Details |
|---|---|
| Release Date | May 25, 2021 |
| Headline Features | eBPF performance improvements, enhanced security, expanded Hubble observability |
| Why it Matters | Delivers high-performance, secure networking with comprehensive observability for modern Kubernetes workloads |

Cilium 1.10 demonstrates the power of eBPF for cloud-native networking, providing teams with a unified platform for connectivity, security, and observability.